SUSE-SU-2020:1165-1

Details

Description of the patch:

This update for LibVNCServer fixes the following issues:

CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471).
CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419).
CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441).

Affected Packages

libvncclient0

SUSE Enterprise Storage 5SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

0.9.9-17.19.1

libvncserver0

SUSE Enterprise Storage 5SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

0.9.9-17.19.1

LibVNCServer-devel

SUSE Linux Enterprise Software Development Kit 12 SP4SUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

0.9.9-17.19.1

References

ADVISORY

https://bugzilla.suse.com/1155419

ADVISORY

https://bugzilla.suse.com/1160471

ADVISORY